Hybrid password meters for more secure passwords - a comprehensive study of password meters including nudges and password information

Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectivenes...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Behaviour & Information Technology Ročník 42; číslo 6; s. 700 - 743
Hlavní autoři: Zimmermann, Verena, Marky, Karola, Renaud, Karen
Médium: Journal Article
Jazyk:angličtina
Vydáno: London Taylor & Francis 26.04.2023
Informa UK Limited
Taylor & Francis Ltd
Témata:
Authentication
Between-subjects design
Electronic computers. Computer science
Feedback
Heuristic
Intervention
Literature reviews
Long term
Meter
Norms
nudge
password creation
password meter
Passwords
QA75
Social environment
user-centred design
ISSN:0144-929X, 1362-3001
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectiveness are varied. An extensive literature review revealed that, besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords choices and (b) additional guidance. A between-subjects study was carried out with 645 participants to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This study explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a hybrid password meter, was generally more efficacious than either intervention on its own, on all three metrics. Yet, the type of feedback nudge targeting either the person, the password creation task, or the social context, did not seem to matter much. The meters were nearly equally efficacious. Future work should explore the long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0144-929X
1362-3001
DOI:10.1080/0144929X.2022.2042384